01/17/2019

Federal and State Privacy Legislation Gaining Steam

The legislation will regulate how companies collect, use personal data

Federal and state lawmakers are stepping up efforts to pass legislation regulating how companies collect and use personal data.

Calls for a national privacy law have gained force after some high-profile missteps last year like Facebook’s Cambridge Analytica scandal and the enactment of sweeping privacy regulations in Europe that among other things require companies to obtain permission before collecting personal data from users.

In the U.S., states have already started to pass their own tougher privacy rules. A California law set to take effect Jan. 1, 2020, requires companies to show users what data is collected on them, what the data will be used for and to identify any third parties who have been given access to the data. The new law will be enforced by the California attorney general and provides Internet users a private right of action if companies fail to adequately protect their data. The law has sparked concern from trade groups that said they had no input before the bill was rushed through the state legislature last summer. Groups like The Nonprofit Alliance are working with state lawmakers to amend the California law to clarify that the law does not apply to nonprofit organizations.

“The nonprofit community supports responsible data use,” said The Nonprofit Alliance CEO Shannon McCracken. “We also are keenly aware of the effect that over-reaching legislation can have on our ability to reach beneficiaries, assess need, create awareness, and measure the impact of our work and our donors’ dollars. To that end, The Nonprofit Alliance is working to amend the California privacy statute, as well as seeking enactment of carefully-crafted federal privacy legislation, which will serve the interests of both consumers and nonprofits.”

Calls for comprehensive federal privacy legislation are coming from consumer advocates, members of Congress and even companies like Apple, whose CEO Tim Cook said in a TIME magazine op-ed this week that the Federal Trade Commission should form a “data-broker clearinghouse” that lets people track and delete personal information on demand.

There has already been a lot of action on data privacy in the Senate. Last fall, Senate Finance Committee Ranking Member Ron Wyden (D-OR) released a working copy of the Consumer Data Protection Act, which allows consumers to control the sale and sharing of their data and empowers the FTC to police companies that recklessly use and share personal data. Wyden’s bill would also create a national Do Not Track system that lets consumers stop third-party data brokers from tracking them online.

Sen. Marco Rubio (R-FL) and Sen. Brian Schatz (D-HI) have also introduced privacy legislation. The Democratic-controlled House is likely to work with Wyden and other Senate Democrats to introduce companion privacy legislation that would be very likely to pass in that chamber.

The American Society of Association Executives (ASAE) and the Nonprofit Alliance are working together on this issue. We will be in touch in the coming weeks on how associations can be involved in addressing state and federal privacy laws.

This article was provided to OSAE by the Power of A and ASAE's Inroads.